[148758] in cryptography@c2.net mail archive
Re: [Cryptography] how reliably do audits spot backdoors?
daemon@ATHENA.MIT.EDU (Benjamin Kreuter)
Thu Dec 26 21:15:14 2013
X-Original-To: cryptography@metzdowd.com
Date: Thu, 26 Dec 2013 20:28:34 -0500
From: Benjamin Kreuter <brk7bx@virginia.edu>
To: James Cloos <cloos@jhcloos.com>
In-Reply-To: <m338lf8kgb.fsf@carbon.jhcloos.org>
Cc: cryptography@metzdowd.com, jamesd@echeque.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Thu, 26 Dec 2013 14:45:31 -0500
James Cloos <cloos@jhcloos.com> wrote:
> >>>>> "BK" == Benjamin Kreuter <brk7bx@virginia.edu> writes:
>
> BK> So the fact that it is possible for the sum of two positive
> BK> integers to be a negative number is idiomatic?
>
> It is called modular arithmetic. So not just idiomatic, but expected.
In fact, it is undefined behavior in C -- because it is a signed
arithmetic overflow. You are thinking of unsigned overflow, which is
defined.
> Is there really anyone who has learned to code who doesn't understand
> that an N-bit register does math modulus 2^N? Or how twos-complement
> math works?
Really, if we are going to be doing modular arithmetic, *we should have
to be explicit about that*. The fact that the auditing process must
include steps like, "What is the size of the register this is stored
in?" or "Is this signed or unsigned overflow?" is a problem. Either
overflows should be trapped and reported as an error, or the default
integer type should be arbitrary precision.
> (There may be some these days unfamiliar with ones-complement, but
> unfamiliarity with unsigned modular arithmetic and twos-complement
> signed modular arithmetic seems to contradict an understanding of
> how current computers work. And understanding how a given chip works
> seems prerequisite to understanding how to code for it.)
I am pretty sure that nobody on this mailing list can claim to
understand all of the behavior of their CPU. Modern CPUs are
complicated and come with numerous undocumented features and
behaviors. There are inconsistencies between Intel and AMD
implementations of the same instructions (unsurprising given just how
many x86 instructions there are), and even between different Intel
CPUs.
The more your code depends on particular CPU implementations or
features, the harder your code is to audit. Even depending on
something as seemingly innocent as register sizes makes auditing more
complex than it should be.
-- Ben
-- 
Benjamin R Kreuter
KK4FJZ
--
"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
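The thread's point about making modular arithmetic explicit, and about trapping overflow rather than leaving it to register size and signedness, can be shown in a few lines of C. The block below is an added example written for this archive page; it is not code from either poster. Its function names (add_mod32, add_checked_i32, checked_i32) are assumptions chosen for illustration. Unsigned addition wraps modulo 2^N by definition, so the unsigned function says "mod 2^32" in its type; the signed function checks the bounds before adding and reports failure instead of invoking the undefined behavior an auditor would otherwise have to reason about.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Explicit modular addition. Unsigned overflow is defined in C, so the
 * "mod 2^32" intent is visible from the types at the call site rather
 * than hidden in a register width the reader has to look up. */
uint32_t add_mod32(uint32_t a, uint32_t b) {
    return a + b;   /* wraps modulo 2^32 by definition */
}

/* Result of a checked signed operation: the value is only meaningful
 * when ok is true. (Hypothetical type, not from the thread.) */
typedef struct {
    bool ok;
    int32_t value;
} checked_i32;

/* Checked signed addition. Signed overflow is undefined behavior, so the
 * overflow test is done on the operands before the add ever happens.
 * Written without compiler builtins so the bound check is auditable. */
checked_i32 add_checked_i32(int32_t a, int32_t b) {
    checked_i32 r = { false, 0 };
    if ((b > 0 && a > INT32_MAX - b) ||   /* would exceed INT32_MAX */
        (b < 0 && a < INT32_MIN - b)) {   /* would go below INT32_MIN */
        return r;                          /* report, do not overflow */
    }
    r.ok = true;
    r.value = a + b;                       /* now provably in range */
    return r;
}

int main(void) {
    /* Constructed sample inputs at the edges of the 32-bit range. */
    printf("add_mod32(0xFFFFFFFF, 1) = %u\n", add_mod32(0xFFFFFFFFu, 1u));

    checked_i32 r = add_checked_i32(INT32_MAX, 1);
    printf("add_checked_i32(INT32_MAX, 1): ok=%d\n", r.ok);

    r = add_checked_i32(INT32_MIN, -1);
    printf("add_checked_i32(INT32_MIN, -1): ok=%d\n", r.ok);

    r = add_checked_i32(-5, 3);
    printf("add_checked_i32(-5, 3): ok=%d value=%d\n", r.ok, r.value);
    return 0;
}
```

The check in add_checked_i32 is the audit step the thread says should not be left implicit: a reviewer can verify the two comparisons against INT32_MAX and INT32_MIN without knowing anything about the target CPU, whereas a bare `a + b` on signed operands requires reasoning about the register width and the compiler's treatment of undefined behavior.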